The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & DillionCybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.1 The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High profile cybersecurity breaches of law firms is nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians - and the infamous Petya Malware attack which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency of publicized cyber-attacks of law firms by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.62 and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard' information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and inadvertently violate its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of firm's cybersecurity program and policies;
- Purchase cyber liability for insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to backup all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
New York Court Rejects Owner’s Bid for Additional Insured Coverage
September 06, 2021 —
Eric D. Suben - Traub LiebermanTenders for additional insured coverage in construction accidents are frequently litigated in New York courts. Although the past few years have seen changes in the law regarding the causal nexus between the named insured’s work and coverage for the purported additional insured, courts often find there is at least a duty to defend the additional insured where there are allegations of the employer/subcontractor’s presence at the site.
An exception is the recent decision in Gemini Insurance Company v. Certain Underwriters at Lloyd’s, London, Index No. 652669/20 in the Supreme Court of the State of New York, County of New York (Lebovits, J.). In that case, Gemini insured the owner and general contractor of a construction project, and Lloyd’s insured the injured claimant’s employer under a policy endorsed to provide additional insured coverage to entities who “have agreed in writing in a contract or agreement” with the named insured that they must be “added as additional insured.” Although the court found that the contracts here satisfied this requirement for additional insured coverage, the court’s analysis did not end there.
Noting that even where such contract exists, the Lloyd’s policy would not provide additional insured coverage “in all circumstances” (emphasis in original), the court next considered whether the underlying injury was “caused in whole or in part by: 1. [The named insured’s] acts or omissions, or 2. The acts or omissions of those acting on [the named insured’s] behalf,” as required under the endorsement’s wording.
Read the court decisionRead the full story...Reprinted courtesy of
Eric D. Suben, Traub LiebermanMr. Suben may be contacted at
esuben@tlsslaw.com
Updates to AIA Contract Applications
January 07, 2025 —
Anand Gupta - Construction Law Zone BlogThe construction industry often relies on contract forms drafted by the American Institute of Architects (AIA). These AIA forms include agreements between owners, designers, consultants, contractors, subcontractors, and construction managers. Some prefer to use the forms in the stock form, but others prefer to modify the language to their benefit. These modifications can be made in Microsoft Word and uploaded into AIA’s current web-based system, ACD5, to create redlines against the standard AIA forms (Checked-Drafts) and final clean versions without the “DRAFT” watermarks. Law firms and clients keep repositories of these modified templates for future projects.
A common issue with modifying documents offline in Microsoft Word and passing the documents back-and-forth between different email and document management systems is that the metadata of the forms becomes corrupted. AIA technical support then must reset the metadata, which takes hours or days. This delay can pose challenges to clients when they are up against a deadline.
Read the court decisionRead the full story...Reprinted courtesy of
Anand Gupta, Robinson+ColeMr. Gupta may be contacted at
agupta@rc.com
The Living Makes Buildings Better with Computational Design
November 12, 2019 —
Aarni Heiskanen - AEC BusinessThe AEC industry has a responsibility and mandate when it comes to addressing significant global challenges in the sector and improving operational practice. Professionals such as Lorenzo Villaggi, Senior Research Scientist at The Living, believe that new design technologies hold the key to better-performing built environments.
“Although I’m trained as an architect, I’ve always had an interest in how technology can interact with and have an impact on design processes,” says Lorenzo. “I’ve developed a familiarity with advanced computational tools and eventually developed my own.”
These computational tools are primarily designed to assist with the generation of design options and improve performance analysis. They range from small systems that help users design faster, all the way to elaborate software that can perform complex, mission-critical tasks.
Read the court decisionRead the full story...Reprinted courtesy of
Aarni Heiskanen, AEC BusinessMr. Heiskanen may be contacted at
aec-business@aepartners.fi
Ruling Finds Builder and Owners at Fault in Construction Defect Case
December 30, 2013 —
CDJ STAFFA Minnesota home owners association has been found 30liable for some of the damage to their homes in a jury trial. The Interlachen Propertyowners Association made a claim of construction defects against Keupers Architects and Builders who had constructed the 24-unit town home complex. According to the association’s lawyer, the half-log siding was improperly installed, leading to water intrusion and rot.
The jury did find for the homeowners on the construction defect claim, but found on a claim of negligent repairs that the association was 30% at fault, due to insufficient maintenance of the building. “We don’t think any amount of maintenance would have saved these buildings,” said Jason Tarasek, the lawyer for the association. The association is likely to appeal.
Read the court decisionRead the full story...Reprinted courtesy of
68 Lewis Brisbois Attorneys Recognized in 5th Edition of Best Lawyers: Ones to Watch in America
September 23, 2024 —
Lewis Brisbois Newsroom(August 15, 2024) – 68 Lewis Brisbois attorneys across 26 offices have been named to the 5th edition of “Best Lawyers: Ones to Watch in America.” Congratulations to the following attorneys on this recognition!
You can see the list of Lewis Brisbois attorneys named to Best Lawyers' 30th edition of The Best Lawyers in America here.
Reprinted courtesy of
Lewis Brisbois
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
How Drones are Speeding Up Construction
July 26, 2017 —
Aarni Heiskanen - AEC BusinessDrones, or unmanned aerial vehicles (UAVs), are being used in many industries, e.g. agriculture, construction, mining, oil & gas, mapping, and surveying. In construction, drones have proven to be quite disruptive, offering huge productivity increases.
Gartner’s famous Hype Cycle for Emerging Technologies, 2016, positioned drones as just entering the Peak of Inflated Expectations. Gartner claims that, “Smart machine technologies will be the most disruptive class of technologies over the next 10 years due to radical computational power, near-endless amounts of data, and unprecedented advances in deep neural networks.”
Commercial UAVs are one of the smart machine technologies in question, together with smart robots, autonomous vehicles, cognitive expert advisors, and others.
Read the court decisionRead the full story...Reprinted courtesy of
Aarni Heiskanen, AEC BusinessMr. Heiskanen may be contacted at
info@aepartners.fi
Does a No-Damage-for-Delay Clause Also Preclude Acceleration Damages?
January 27, 2020 —
Ted R. Gropman & Christine Z. Fan - ConsensusDocsConstruction contracts often include a “no damage for delay” clause that denies a contractor the right to recover delay-related costs and limits the contractor’s remedy to an extension of time for noncontractor-caused delays to a project’s completion date. Depending on the nature of the delay and the jurisdiction where the project is located, the contractual prohibition against delay damages may well be enforceable. This article will explore whether an enforceable no-damage-for-delay clause is also a bar to recovery of “acceleration” damages, i.e., the costs incurred by the contractor in its attempt to overcome delays to the project’s completion date.
Courts are split as to whether damages for a contractor’s “acceleration” efforts are distinguishable from “delay” damages such that they may be recovered under an enforceable no-damage-for-delay clause. See, e.g., Siefford v. Hous. Auth. of Humboldt, 223 N.W.2d 816 (Neb. 1974) (disallowing the recovery of acceleration damages under a no-damage-for-delay clause); but see Watson Elec. Constr. Co. v. Winston-Salem, 109 N.C. App. 194 (1993) (allowing the recovery of acceleration damages despite a no-damage-for-delay clause). The scope and effect of a no-damage-for-delay clause depend on the specific laws of the jurisdiction and the factual circumstances involved.
There are a few ways for a contractor to circumvent an enforceable no-damage-for-delay clause to recover acceleration damages. First, the contractor may invoke one of the state’s enumerated exceptions to the enforceability of the clause. It is helpful to keep in mind that most jurisdictions strictly construe a no-damage-for-delay clause to limit its application. This means that, regardless of delay or acceleration, courts will nonetheless permit the contractor to recover damages if the delay is, for example, of a kind not contemplated by the parties, due to an unreasonable delay, or a result of the owner’s fraud, bad faith, gross negligence, active interference or abandonment of the contract. See Tricon Kent Co. v. Lafarge N. Am., Inc., 186 P.3d 155, 160 (Colo. App. 2008); United States Steel Corp. v. Mo. P. R. Co., 668 F.2d 435, 438 (8th Cir. 1982); Peter Kiewit Sons’ Co. v. Iowa S. Utils. Co., 355 F. Supp. 376, 396 (S.D. Iowa 1973).
Reprinted courtesy of
Ted R. Gropman, Pepper Hamilton LLP and Christine Z. Fan, Pepper Hamilton LLP
Mr. Gropman may be contacted at gropmant@pepperlaw.com
Read the court decisionRead the full story...Reprinted courtesy of
